The EU’s path to cybersecurity: EU Cybersecurity Strategy

Last December, the EU has released its new Cybersecurity Strategy (EUCSS) to meet an unprecedented surge of cyberattacks due to ongoing digitalization and the pandemic. Its primary goal is the strengthening of resilience against state-sponsored cyberattacks and major security incidents.

However, the new EU cybersecurity strategy is not just a statement of intent.

The EUCSS aims at tackling the ever-evolving universe of cyberthreats while proposing concrete initiatives meant to strengthen resilience, increase awareness, foster technological sovereignty, and set a new regulatory and policy framework to accomplish these goals.

These initiatives entail not only the productive and industrial sectors, but provide a toolbox to increase the Member States’ cyber-related Defense capabilities.

Read more on our blog below!


The EUCSS: main features

The very first goal of the EUCSS aimed at increasing resilience, technological sovereignty and make the EU itself a global leader in setting security benchmarks.

To accomplish these goals the EU has revised the NIS Directive (now “NIS 2) to increase the security level of critical infrastructures such as hospitals, energy grids, railways, but also data centers, public administrations, research labs, and manufacturing of critical medical devices and medicines.

Under this strand, the Commission is also to launch a network of SOCs powered by AI.

Secondly, the EUCSS aims at building operational capacity to prevent, deter, and respond to cyberattacks, by the means of better cooperation among EU bodies and institutions.

This includes the EU Cyber Diplomacy Tools to prevent cyberattacks meant to weaken democratic institutions across the Union. Moreover, the EUCSS attempts to enhance the Defense capacity of Member States (MS) against cyberattacks.

Not surprisingly, many call of the European Defense Fund has as scope the funding of cyber-related military capabilities.

The Diplomacy Tools are also meant to sustain the third pillar of the EUCSS, EU’s international cooperation in the cyberspace, by working closely with international organizations and third countries to set international norms and standards that reflect UE’s core values and put forward the European vision of the cyberspace, by promoting a multi-stakeholder environment.


The Joint Cyber Unit

The lastest good news coming from this renewed framework is the institution of the Joint Cyber Unit. This Unit, working closely with the ENISA, shall challenge the ongoing surge in security incidents that rose from 432 in 2019 to 756 in 2020 in the Union.

Thierry Breton, Internal Market Commissioner urged the “deploying very quickly a dedicated team which we don’t have the capacity to do now. We know that the longer you wait the worse it is […]”.

The US and the UK has recently taken similar initiatives. The Joint Cyber Unit is expected to become operational on June 30, 2023. The Unit will use resources “from one country to another” to deliver technical and operational assistance, Mr. Breton told the press.



To conclude, the EUCSS has put the cyber world at the top of the EU political agenda. Its effects will soon be noticed.

A foreseeable challenge will be its actual implementation. Member States will be responsible for conforming to their national cybersecurity policies vis-à-vis the EUCSS. MS indeed may still remain the primary agent in providing security.

The establishment of national competence centers that are going to act as a liaison with ENISA is an excellent, and much-needed, step forward in the right direction.